Kenneth Pinkerton discusses charity governance in the wake of the recent Oxfam scandal.
Charity trustees are responsible for the governance of their charities. Broadly, that includes setting the charity’s strategic aims, providing leadership to put them into effect and monitoring the management of the business of the charity. It is also about ensuring accountability and measuring performance.
Governance and GDPR
In the context of GDPR, charity trustees must therefore consider the policies and systems being put in place to ensure compliance in what is undeniably a challenging area of law and practice. That is particularly the case when the GDPR is principles-based and therefore open to interpretation.
As such, it is likely that many charities will be taking a “risk-based” approach. In doing so, the charity trustees must apply the standard of care set out in the Charities and Trustee Investment (Scotland) Act 2005 to act with the care and diligence that it is reasonable to expect of a person who is managing the affairs of another person. That is generally accepted as being a higher standard than how a person manages his or her own affairs.
In the light of GDPR, charity trustees may also wish to consider where compliance with data protection law sits in the risk register, what additional controls they might wish to put in place, and the frequency and content of reports to ensure that they can demonstrate compliance.
This might indeed lead to a review of the governance of the charity in general. If that is the case and advice is required, contact Kenneth Pinkerton.